(12) INTERNATIONAL APPLICATION PUBLISHED UNDER THE PATENT COOPERATION TREATY (PCT) 



(19) World Intellectual Property 
Organization 
International Bureau 




(43) International Publication Date: 6 January 2005 (06.01.2005)
(10) International Publication Number: WO 2005/001618 A2

(51) International Patent Classification 7: G06T
(21) International Application Number: PCT/US2004/017756
(22) International Filing Date: 4 June 2004 (04.06.2004)
(25) Filing Language: English
(26) Publication Language: English
(30) Priority Data: 60/475,639, 4 June 2003 (04.06.2003), US



(71) Applicant (for all designated States except US): MASTERCARD
INTERNATIONAL INCORPORATED
[US/US]; 2000 Purchase Street, Purchase, NY 10577 (US).

(72) Inventors; and

(75) Inventors/Applicants (for US only): RUTHERFORD,
Bruce [US/US]. DAGHER, Alfred [US/US].
WIESMAN, Mark [US/US]. RIXENSART, Didier,
Jean-Marie, Charles, Paie [BE/BE]. LASNES,
Jean-Paul, Edmond, Rans [BE/BE]. NAMUR, Fikret,
Ates [BE/BE]. WANKMUELLER, John [US/US].

(74) Agents: SCHEINFELD, Robert, C. et al.; Baker Botts 
LLP, 30 Rockefeller Plaza, New York, NY 10112-4498 
(US). 

(81) Designated States (unless otherwise indicated, for every 
kind of national protection available): AE, AG, AL, AM, 
AT, AU, AZ, BA, BB, BG, BR, BW, BY, BZ, CA, CH, CN, 
CO, CR, CU, CZ, DE, DK, DM, DZ, EC, EE, EG, ES, PL 
GB, GD, GE, GH, GM, HR, HU, ID, IL, IN, IS, JP, KE, 
KG, KP, KR, KZ, LC, LK, LR, LS, LT, LU, LV, MA, MD, 
MG, MK, MN, MW, MX, MZ, NA, NI, NO, NZ, OM, PG, 
PH, PL, PT, RO, RU, SC, SD, SE, SG, SK, SL, SY, TJ, TM, 
TN, TR, TT, TZ, UA, UG, US, UZ, VC, VN, YU, ZA, ZM, 
ZW. 

(84) Designated States (unless otherwise indicated, for every 
kind of regional protection available): ARIPO (BW, GH, 

[Continued on next page] 



(54) Title: CUSTOMER AUTHENTICATION IN E-COMMERCE TRANSACTIONS 




(57) Abstract: A Chip Authentication Program based
on 3-D Secure protocols is provided for authenticating
customers' on-line transactions. An issuer, who may
be a payment card issuer, operates Access Control
and Authentication Request Servers for authenticating
transactions by individual customers who are identified
by their personal EMV-compliant smart cards. An
authentication token is generated at the point of interaction
(POI) for each transaction based on information from the
customer's smart card and transaction specific information
sent directly by the issuer to populate a web page at the POI.
Authentication tokens generated at the POI are evaluated by
the Authentication Request Server to authenticate individual
customer and/or card presence at the transaction POI.
Authentication values are transported on-line in designated
Universal Cardholder Authentication Fields consistent with
3-D Secure protocols.